Grsecurity/Pax installation on Devuan GNU/Linux

This is a placeholder. I managed to do it, and I need the link before I go to sleep.(I'll be posting from Devuan, but my Mutt is only in Gentoo yet, and the link I need for this thread:unoffic-grsec 4.9.27 kernel compile, one last hurdlehttps://lists.dyne.org/lurker/message/2 … 31.en.html [1]where I need to send an email to, just next... --and then go to sleep, so tired, but so happy!--)---[1] EDIT: Unfortunately, Devuan DNG Mailing List appears to (currently) scrub all attachments. Another mail archive to the rescue! Pls., for now, advanced users can find useful tips if they study esp. this attachment:grsec-dev1-compile.sh.gzwhich is part of this email:unoffic-grsec 4.9.27 kernel compile, one last hurdle(which is the same email as in Devuan DNG ML, just the attachments are available)(of course I hope that condition will be fixed in Devuan DNG; I did write a report --or here-- about it)

Re: Grsecurity/Pax installation on Devuan GNU/Linux

Yet more to say, but no more time. Learn (if you need to), and of course: enjoy!---[1] Well, the level of the geniuses spender and PaX Team was too high for even Linus the Mr. Linux guy... But Minipli, parazyd and friends seem to be doing well...I have been using minipli's unofficial-grsec since around the time of creation of the repo, and I for one, can tell you it is good, it protected me well!!

( well, not the chroot in all cases, but the other two, yes! because of those )

So, if you don't want to have to cope with all that huge info, then when you are offered by the script that you downloaded from https://github.com/miroR/grsec-dev1-compile to modify you .config[/config, i.e. when it reaches to make menuconfig, set those to: =n, and you won't have the deluge.

The setting to disable exec_logging with "echo 0", and likewise the setting to disable of audit_chdir is if you compile with exec_logging and audit_chdir. Enable it again with the "echo 1 ..." line.

Currently, and I don't know why, the tpe ([T]rusted [P]ath [E]xecution, pls. read in the kernel help when you issue "menu makeconfig" about it), just does not work right in Devuan/Debian/Ubuntu. E.g. I couldn't run any scripts from /usr/local/bin because of it. So, disabling it with issuing the two "echo 0 ..." lines.

Re: Grsecurity/Pax installation on Devuan GNU/Linux

There's great evidence (in worrying circumstances, for me) of the goodness of grsec's exec_logging and audit_chdir features at my recent investigation at:Strange Bash under grsecurity's exec logginghttps://dev1galaxy.org/viewtopic.php?id=1598

Re: Grsecurity/Pax installation on Devuan GNU/Linux

I also wonder what exactly KSPP are trying to achieve, it seems like a talking shop at this stage.

And the attitudes of certain people, mean kernel security is never going to be anything more than a retroactive approach anyway: http://lkml.iu.edu/hypermail/linux/kern … 06228.html (nothing unusual there, it's just the usual dismissive disdain for "security people")

I also wonder what exactly KSPP are trying to achieve, it seems like a talking shop at the moment...

Not in the future, you already have to pay for it. But not the unofficial-grsecurity which is completely open, and which I talk about and post packages of, since the closure of free official grsecurity.

I also wonder what exactly KSPP are trying to achieve, it seems like a talking shop at this stage.

And the attitudes of certain people, mean kernel security is never going to be anything more than a retroactive approach anyway: http://lkml.iu.edu/hypermail/linux/kern … 06228.html (nothing unusual there, it's just the usual dismissive disdain for "security people")

I also wonder what exactly KSPP are trying to achieve, it seems like a talking shop at the moment...

You do point to another... erhm...historical remark by Linus... Appreciated!

But no time for discussion here on my part, too many things to solve are on my hands instead.

The patches, I believe, are still good, the unofficial ones, but surely more testing would be needed by more people!